Apple Responds, as Slowly as Ever, to Mac Malware Threat

Tech analysts, bloggers, and users have been debating whether Microsoft is slowly slipping into irrelevance for years, and the primary competitor that most turn to for proof of this claim is the software giant's faster-moving rival Apple. But Microsoft thoroughly outperforms Apple in several crucial areas, including its business, server, and cloud-based offerings. And if I were to pick a single area in which Microsoft simply owns Apple, I'd have to pick security.

That's right: Security.

Apple's security laziness can be easily explained: Because of the relatively tiny size of the Mac market, Apple never really had to address security concerns with its one-time primary platform in a timely manner. So it never did. Still doesn't, in fact.

But Microsoft had a different experience and its far more popular PC desktop and server OSs were the primary hacker target for at least two decades. In the midst of escalating electronic attacks in the early 2000s, then, Microsoft simply stopped making software for a few months, retrenched, and emerged on the other side with its Trustworthy Computing initiative, in which all of the software solutions it creates are pushed through an ever-improving, ongoing security review process.

As a result, Microsoft's software is more secure than ever. In fact, Microsoft's OS software is so secure that it's no longer the primary avenue for electronic attacks on PCs. Now, hackers are going after popular third-party software, like that made by Adobe, instead. The reason is simple: These applications don't benefit from the same hardening as do Microsoft's products.

And then there's Apple. Even when Mac OS X was the company's major focus, Apple pretty much ignored security, claiming that the system's underlying UNIX core made its OS offering more resilient than the competition. It routinely waited months and even years before fixing security bugs. (Microsoft releases security fixes on a predictable 30-day schedule and releases very important fixes as needed.) And now that OS X is on the back burner thanks to the incredible success of Apple's mobile devices, it shouldn't be surprising that Apple is still ignoring security issues in OS X.

This ignorance has never really bitten Apple or its users, of course. But this month, a new Mac malware threat has emerged. And Apple's response—lack of response, really—is troubling, because this one could be for real. But it shouldn't be surprising if you know anything about the company.

Without getting into the specifics of the hack—a Trojan usually called Mac Defender—let's just say that it's raised some old pain points between Windows users and those who advocate the "Think Different" mentality. Windows expert Ed Bott has come under withering fire from the iCabal for having the temerity to raise this issue and then not let go of it. And he's since published internal Apple documentation in which the Cupertino company instructs its support representatives to not even acknowledge, let alone help fix, the problems. "We're not supposed to help customers remove malware from their computer," one anonymous Apple support rep allegedly told Bott.

Surprised? Again, you shouldn't be.

Apple's culture—"arrogant superiority"—prevents it from admitting there is a problem, let alone addressing it. This is very similar, actually, to the Soviet response to "Western" problems in its society in the 1980s: Since such problems were impossible under Communism, they didn't exist. Problem solved.

Discuss this Article 21

@whiplash55,
Yikes, that is a definite step-up by the bad guys! I read the article from your link, and that got me wondering if this attack would be blunted if you were running as a non-admin user. Though I admit I don't know much about the Mac.

"As a result, Microsoft's software is more secure than ever. In fact, Microsoft's OS software is so secure that it's no longer the primary avenue for electronic attacks on PCs. Now, hackers are going after popular third-party software, like that made by Adobe, instead."
Yes Windows 7 is very secure. But, MacOS X Snow Leopard is also on a par with Windows 7. (Charlie Miller says it isn't because it lacks full ASLR). This is not 2003. Mac OS X is not defenseless, it is not Windows XP, which was an unprotected target for hackers. As you said with Windows 7, virtually the only attack vectors are application vulnerabilities, trojans and phishing. This is exactly the same for Mac OS X and users have had to deal with them, just like Windows for the last couple of years. The Mac Defender trojan and its variants are no different. It is easily avoided and easily removed. The only reason it is news is because it managed to fool a number of people into installing it and even fewer people into giving their credit card details.

"This ignorance has never really bitten Apple or its users, of course. But this month, a new Mac malware threat has emerged. And Apple's response—lack of response, really—is troubling, because this one could be for real. But it shouldn't be surprising if you know anything about the company."
The arrogant smug Apple fanboy surfing the web with his head in the sand about Mac viruses, is a fallacy. He/she no longer exists. It is a myth continued on from 2003 by the PC brigade, who were taunted by the Mac fanboys over Windows XP. Long time Mac users like myself (we may be still smug, but we aren't ignorant) are acutely aware there are a number of trojans circulating. We know how to avoid them and we know the web can be surfed safely with a bit of know-how and common sense. Your Windows using friends will say this too.
The vast number of people infected were no doubt "newbies."
These are the computer users who would get fooled no matter what platform they were using. But, people learn quick, it will only happen to them once. This is a good lesson for them.
This is not the first Mac trojan and it is not the last. The Mac community is relatively small and word spreads fast. That is why the number of infections from this trojan have dropped considerably.
This is also a good lesson for Apple. Paul makes his only valid point here that Apple responded too slowly. They have since posted instructions on how to remove the trojan and promised a security update.
But, how can an OS protect a user from trojans? Neither Windows 7 nor MacOS X can do that. AV software is also useless until its definitions have been updated.

While I disagree with the inflammatory tone of this article, I do agree with it in principle. It seems that the villains are now targeting Apple products. Security tools have had modules targeting Apple gear for some time. I think a critical mass (of sorts) has been achieved, and attacks on Apple products will escalate.

Typical all over the place here.
Typical Paul for writing an article trying to get a reaction.
Typical Trolls for biting on it and defending Apple, who's clearly in the wrong.
Typical Apple for not understanding how security really works. They're taking on each attack individually. They're going to be fixing things for a long, long time.

I'm reminded of Algebra 2 in high school, when my math teacher gave me a B+ U. When I challenged him showing my test scores earned me a solid A he said yes but I don't feel you have been trying hard enough!
Judge Apple on how successful it has been protecting its users for the past 11 years under OS X, and continue as we move forward. It is possible that this is the beginning of the end for Mac security, but my guess is it was just a bump in the road.
You see I think it is you that doesn't get it. Apple doesn't have to be faster than the bear, just faster than you. So, as long as they respond quickly enough that the bad guys don't make enough to make this worth doing again, they win.
So now we drink and see who is right and who is dead!

@yoshi
Entering your password is no longer necessary with the updated hack. http://www.zdnet.com/blog/bott/mac-malware-authors-release-a-new-more-dangerous-version/3385?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+zdnet%2FBott+%28ZDNet+Ed+Bott%27s+Microsoft+Report%29
It appears these guys are ready to update the exploit as Apple slowly responds.

"Windows expert Ed Bott has come under withering fire from the iCabal for having the temerity to raise this issue and then not let go of it. And he's since published internal Apple documentation in which the Cupertino company instructs its support representatives to not even acknowledge let alone help fix the problems. "We're not supposed to help customers remove malware from their computer," one anonymous Apple support rep allegedly told Bott."
Ed Bott used this trojan as evidence of an explosion of Mac Malware, estimating 60,000 - 125,000 infections with no real evidence. Other tech websites then published this FUD as fact. How is the number of infections by one new trojan a measure of the wave of new malware coming? It is not. This is not a 1000 new viruses appearing overnight, it is one trojan and its variants, for god's sake. MacOS X is not Windows XP. Has Windows 7 suffered a malware explosion? No. Neither will MacOS X.
The whistle blower was an Applecare rep. Applecare is an extended warranty for Mac hardware, with complimentary basic telephone support.
Applecare is completely the wrong avenue for malware removal. Here is what Applecare provides:
http://www.apple.com/support/complimentary/
see part f. Information that isolates issue to a third-party product, not supported by Apple.
Genius bars are set up to give much better service. In reality, as attested by actual Mac users, infected users were getting help from Geniuses and other Apple support. The internal Apple document also didn't ignore the problem; it gave instructions for users to install AV software which would remove the malware for them.
Isn't this exactly what the PC brigade have been saying for years that Apple needs to do?
This Mac Defender brouhaha has come from one source - Ed Bott. He got riled by John Gruber for being called out for "Crying Wolf" and has been on a FUD campaign ever since desperately trying to vindicate his original story that Mac Malware is set to explode.

Apple would not get this kind of bashing from Paul if only they did not bash Windows for being virus ridden. It is as simple as that. I am both a Mac and Windows user and there are advantages and disadvantages to both operating systems. To be fair, Apple has been relatively safe from viruses but only because it is not a BIG target. Now that it has become one, it is certainly possible it will suffer the same fate as Windows.

Thanks for totally ignoring that Apple has said they will be sending out a fix and removal tool soon, too. It's possible that the article deadline was before that announcement from Apple. If so, please provide a followup article stating that Apple is doing so.

Windows is the larger hack target by far, with that, I agree. However, I would still counsel Apple owners not to become complacent. I've seen a significant increase in the number of Apple product exploits over the last 2 years.

"And then there's Apple. Even when Mac OS X was the company's major focus, Apple pretty much ignored security, claiming that the system's underlying UNIX core made its OS offering more resilient than the competition. It routinely waited months and even years before fixing security bugs. (Microsoft releases security fixes on a predictable 30-day schedule and releases very important fixes as needed.) And now that OS X is on the back burner thanks to the incredible success of Apple's mobile devices, it shouldn't be surprising that Apple is still ignoring security issues in OS X."
Apple has always maintained its Unix core makes the OS more resilient, which is true to a point. But Apple has in no way been ignoring security and resting on its laurels as you claim. Virtually all of the security measures employed by Windows 7 have also been implemented in Snow Leopard. Apple has also recommended installing AV software for quite some time.
http://www.apple.com/macosx/security/
(See bottom of page under Security Advice)
Also, I'm not sure how Paul can say MacOS X is on the back burner with the imminent release of Lion (A year before Windows 8). They have even asked security experts including Charlie Miller to rigorously test Mac OS X Lion.
http://news.cnet.com/8301-1009_3-20036218-83.html
Apple has also hired a couple of security experts lately.
David Rice formerly from the NSA & Navy and Window Snyder from Mozilla, & Microsoft.
http://www.electronista.com/articles/11/01/22/apple.gets.navy.guru.david.rice.as.security.head/
http://www.h-online.com/security/news/item/Apple-hires-ex-Mozilla-security-chief-945573.html

Sorry for the number of multiple long posts on Mac Defender. But as usual, Paul's blog is full of bias, FUD and utter BS that can easily be refuted with a bit of research on Google.
Paul and the PC brigade here are always saying that the iFanboys have completely outdated views of Windows security, they say the problems with viruses and malware are no longer true and that Windows 7 is a much, much more secure hardened OS.
That is true. Microsoft does lead Apple in security.
But, Paul's blog has done nothing but recycle old and outdated views of Mac security, that haven't been true for some time.
"Apple's security laziness can be easily explained: Because of the relatively tiny size of the Mac market, Apple never really had to address security concerns with its one-time primary platform in a timely manner. So it never did. Still doesn't, in fact."
That's funny, I receive regular security updates on my Mac, which you regularly make fun of in your blogs for the number of vulnerabilities patched.
However, I don't think you have much to gloat about. When you rank the vulnerabilities by severity, Microsoft OSs have a much, much higher percentage of high risk vulnerabilities.
http://www.gfi.com/blog/top-vulnerable-applications-operating-systems-2010/

"This ignorance has never really bitten Apple or its users, of course. But this month, a new Mac malware threat has emerged. And Apple's response—lack of response, really—is troubling, because this one could be for real"
And that's the punchline. This is another Henny Penny "the sky is falling", no this time it REALLY is.
As for Trojan/phishing threats, just what is it that Apple---or anyone---is supposed to do that keeps stupid users from typing in an admin password?
Finally, note that OS X supports THREE user levels, regular, admin and root. An admin user can mess up his own account, but not the system, so the threat level here, even for dumb admin users, is not the catastrophe that it's being billed as.
Of course, we need to remember that this is PAUL, so there is the usual observer bias,
"Apple's culture—"arrogant superiority"—prevents it from admitting there is a problem, let alone addressing it. This is very similar, actually, to the Soviet response to "Western" problems in its society in the 1980s: Since such problems were impossible under Communism, they didn't exist. Problem solved.
You think I'm exaggerating? Then you know nothing about Apple."
So Apple=Soviet Union. Over the top even for the WindowsBizarroSite.

"Without getting into the specifics of the hack"
But this is the most important part of the story. Users had to enter the administrative password to install this. Now, if you want to talk about the variant that bypasses this need by using the open "safe" files option in Safari, then you have a case.
That being said, yes, Apple could have responded quicker.
"Apple's culture—"arrogant superiority"—prevents it from admitting there is a problem, let alone addressing it."
I somehow seem to remember you making fun of Apple for having so many security updates and fixes this past year. So which way is it? Or are you playing both sides when it comes to bashing Apple?

Wow, the same "arrogant superiority" is alive and well.
Breaking News from Yesterday:
A new variant called Mac Guard doesn't require a password. Once it gets on your system? Boom! Instant compromise. Why? Because of a very stupid browser setting in Safari, which "normal" users use instead of Chrome or Firefox, allows "safe" files to be downloaded and opened.
Safari has become the new IE 6 with its Swiss cheese security. Unless you guys have been living under a rock? Other breaking News Flash: Safari has been pwned for the last couple of years at the CanSecWest Pwn2Own contest.
I don't know if some of the Mac fans are just still being smugly arrogant or need a Gibbs smack as an obvious wakeup call.
As Dwight Silverman put in his article on his Houston Chronicle blog, "Apple's clearly got a malware arms race on its hands, and may be about to face the kind of escalation that Microsoft learned from years ago."
Wake up guys, the Mac malware wars have just started. Now that these kits are in the hands of criminals & other hackers, that old "Macs don't get viruses" crap doesn't cut it. The Mac community can stick your head in the sand & ignore it just like John Gruber? Or wake up to the reality that the days of security through obscurity are over. Ed Bott is being a real reporter here doing the job that most Mac reporters aren't doing. Getting this real world malware threat information to the public. It's time the Mac community really get its act together, acknowledge this threat & push Apple to respond to threats. Or will it take the next Mac Guard to be a reality check?